argst
New Contributor

vlan 100 for WAN port fortiwifi 30d

Hi all,

Still feeling very new to the world of routing, switching etc., so please forgive me if my question isn't clear.

I have a nice new shiny FortiWiFi 30D for my home FW/router. The sad news is that my ISP, being cheap and nasty, has a hard-coded requirement for PPPoE traffic to be tagged with VLAN 100.

I've had a bit of a play but I can't for the life of me figure out how to tag the physical interface. I created a sub-interface and tagged this with VLAN 100; however, this won't connect, as the physical WAN appears to take precedence.

To rehash: need to tag all WAN interface traffic with VLAN 100. Any help would be great.

Thanks.

emnoc
Esteemed Contributor III

What are you doing specifically and how?

You would need something similar to below:

config system interface
    edit "vlan124interface"
        set vdom "CNN45"
        set mode pppoe
        set snmp-index 60
        set username "TRONCD4hjWEk01"
        set password ENC GPPyOLfRw5SB/BeYIy0aLDH3e+2imYG6V07qc9N6r0rhaFoUY20ERKMfFbAkn2CdIn+b0CXQhBSjVgdUhDQhJRsFir4lqXF6YKp5+ijDAD1MCc7CF0EpQy22VQYBF2eFIjWnIgBlkwAdlP30FZItmlSBqYyE7RWAsTcF9Vm7reDe9jfFANSlWp6qwFvJ2Dbar4rbfQ==
        set interface "port12"
        set vlanid 124
    next
end

PCNSE 

NSE 

StrongSwan  

ede_pfau

Adding to emnoc's post:

- of course you don't need to use VDOMs; just ignore the "set vdom" line.

The main thing is that

- you enable PPPoE on the VLAN interface

- you don't enable PPPoE on the WAN interface - set it to MANUAL, IP=0.0.0.0/0

- both interfaces use the same physical port which is fine

 

Outgoing traffic will be tagged, incoming tagged traffic will be stripped of the VLAN tag.

Ede Kernel panic: Aiee, killing interrupt handler!
argst
New Contributor

Thanks for the suggestions. Looked pretty similar to what I'd done. Went through and did it again. Status shows "failed" when looking at the interface.

config system interface
    edit vlan100
        set mode pppoe
        set username "username@isp.com"
        set password "password"
        set interface wan
        set vlanid 100
    next
end

WAN interface is set to manual with no IP as suggested. All logs are empty. Where would I find the failure reason?
emnoc
Esteemed Contributor III

I would start with diagnostics

 

diag debug application pppoed -1

Validate any errors and warnings. One more item you should consider is to set the MTU size and ensure tcp-mss is set for SYN or SYN/ACKs.

        set mtu-override enable
        set mtu 1472

PCNSE 

NSE 

StrongSwan  

argst
New Contributor

Hey, thanks again for the advice. Still haven't got there but surely learning. Pretty confident that they use a default MTU. Hadn't even considered the tcp-mss... I will look at trying these next.

Outputs are below. Doesn't give me much to work with.

diagnose debug info
debug output:        disable
console timestamp:    disable
console no user log message:    disable
zebos debug level:    306783954 (0x124926d2)
pppoed debug level:    -1 (0xffffffff)
CLI debug level:    3

diagnose debug enable
parameters passed to pppd:
pppd 0 pppoed vlan100 noipdefault noauth default-asyncmap defaultroute hide-password nodetach mtu 1492 mru 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp user fibre12037834@dodo.com.au lcp-echo-interval 5 lcp-echo-failure 3 sync plugin /bin/pppoe.so
    pppoe_retry_time 1 pppoe_padt_time 1 vlan100 ipunnumbered 0.0.0.0 idle 0 unnumbered-negotiate enable
child_exit()-461: A child process exits
pppoed_main()-576: PID 2132 exit
pppoed_main()-583: Interface vlan100 exit
pppoed_main()-560: Start PPPoE interface vlan100
pppoed_main()-563: PID of vlan100 is 2145

emnoc
Esteemed Contributor III

Okay, so your details are good and it looks like the far end is not answering. Is the interface that carries vlan100 actually up?

On the default MTU that will not work; you have the overhead of the PPPoE protocols and the 802.1q tag of 8 bytes for the latter.

I would triple check your details for the user/pass and then ensure the interface is up and validate packets are arriving from the PPPoE server.

e.g. (check for packets with Ethernet headers)

diag sniffer packet wan1 '' 3

 

PCNSE 

NSE 

StrongSwan  
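
The capture check suggested above can be scripted once frame bytes are in hand. This is an added example, not code from the thread or from Fortinet: a small Python parser that classifies raw Ethernet frames (given as hex) by 802.1Q VLAN ID and PPPoE discovery stage, showing whether requests leave tagged with the expected VLAN and whether the far end answers. The sample frames, MAC addresses and function names are constructed for illustration.

```python
import struct

DOT1Q, PPPOE_DISC, PPPOE_SESS = 0x8100, 0x8863, 0x8864
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}

# Constructed sample frames (hex, made-up MAC addresses), not captured traffic.
PADI_VLAN100 = "ffffffffffff 020000000001 8100 0064 8863 1109 0000 0004 01010000"
PADO_VLAN100 = "020000000001 020000000002 8100 0064 8863 1107 0000 0004 01010000"
PADI_UNTAGGED = "ffffffffffff 020000000001 8863 1109 0000 0004 01010000"


def classify_frame(hex_frame):
    """Return (vlan_id or None, kind) for one raw Ethernet frame given as hex."""
    raw = bytes.fromhex("".join(hex_frame.split()))
    if len(raw) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", raw, 12)
    vlan, offset = None, 14
    if ethertype == DOT1Q:  # 4-byte 802.1Q tag: TPID 0x8100 + TCI
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", raw, 14)
        vlan, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VLAN ID
    if ethertype == PPPOE_DISC:
        if len(raw) < offset + 6:
            raise ValueError("truncated PPPoE header")
        code = raw[offset + 1]  # byte 0 is version/type, byte 1 is the code
        return vlan, CODES.get(code, f"discovery-0x{code:02x}")
    if ethertype == PPPOE_SESS:
        return vlan, "SESSION"
    return vlan, f"ethertype-0x{ethertype:04x}"


def diagnose(frames, expected_vlan):
    """Summarise how far PPPoE discovery got on the expected VLAN."""
    seen = [classify_frame(f) for f in frames]
    on_vlan = {kind for vlan, kind in seen if vlan == expected_vlan}
    if on_vlan & {"PADS", "SESSION"}:
        return "discovery-complete"    # any failure is later: LCP or authentication
    if "PADO" in on_vlan:
        return "discovery-incomplete"  # server offered, but no session confirmed
    if "PADI" in on_vlan:
        return "no-pado"               # requests leave tagged, nobody answers
    if (None, "PADI") in seen:
        return "padi-untagged"         # PPPoE is running on the physical port
    return "no-pppoe-seen"
```

A result of "discovery-complete" with a connection that still fails points away from VLAN tagging and towards PPP negotiation, including the username and password.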

argst
New Contributor

Hey guys

Sorry for such a delayed response! Busy week!

Turns out

a) I should never assume!

b) basics first!

The forums that indicated that the ISP only accepts traffic over VLAN100 were not correct for me. The issue was as simple as the username/password not matching my u/p for checking usage etc. on their website!

Called the ISP to obtain the correct u/p and *pow* away we go.

That said, great learning activities, and I have a much better idea of what I'm doing with the CLI and debug/logs now :)

Thank you both, shout out @emnoc for sticking with me!
